Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-54009 — Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an image_url.url value that, when it does NOT sta…

open_webui | Remote | Path Traversal
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
8.3 HIGH
CVE-2026-54010 — Open WebUI: Forged chat-file link allows cross-user file read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated user attach arbitrary file_id values to their own c…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
8.7 HIGH
CVE-2026-54011 — Open WebUI: Stored XSS in Mermaid Markdown Preview

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and i…

open_webui | Remote | Cross-Site Scripting
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
7.1 HIGH
CVE-2026-54012 — Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbi…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
7.6 HIGH
CVE-2026-54013 — Open WebUI: Stored XSS to Account Takeover via Model Profile Images in Open WebUI

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in user profile images and webhook profile images but for…

open_webui | Remote | Cross-Site Scripting
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
4.3 MEDIUM
CVE-2026-54014 — Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webui

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint th…

open_webui | Remote | Path Traversal
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
6.4 MEDIUM
CVE-2026-54015 — Open WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-history endpoints authorize the prompt_id in the URL but…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
4.3 MEDIUM
CVE-2026-54016 — Open WebUI: Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base …

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object Level Authorization (BOLA) vulnerability in the built…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
7.7 HIGH
CVE-2026-54018 — Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader implements a validate_url function to prevent SSRF attac…

open_webui | Remote | Server-Side Request Forgery
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
6.5 MEDIUM
CVE-2026-54019 — Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed wh…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
4.0 MEDIUM
CVE-2026-57053 — GNU libidn Out-of-Bounds Read Vulnerability

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.

libidn | Memory Corruption
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
6.3 MEDIUM
CVE-2026-54021 — Open WebUI: Authenticated users can target arbitrary configured Ollama backends via ungua…

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed Ollama proxy routes accept a caller-supplied url_idx…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
5.3 MEDIUM
CVE-2026-54022 — Open WebUI: Any authenticated user can read other users' private notes via Socket.IO

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.IO handler checks note ownership only when the docume…

open_webui | Remote | Authorization
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
6.1 MEDIUM
CVE-2026-48520 — Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (or "Public Flows" in code) contains a potential arbitrary file-read vulnera…

langflow | Remote | Path Traversal
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
8.8 HIGH
CVE-2026-33760 — Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on…

langflow | Remote | Authorization
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
6.5 MEDIUM
CVE-2026-42867 — Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (POST /api/v1/knowledge_bases). This…

langflow | Remote | Path Traversal
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
9.9 CRITICAL
CVE-2026-55255 — Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attacke…

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authent…

langflow | Remote | Authorization
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
6.1 MEDIUM
CVE-2026-55423 — Langflow: Logout button does not clear session

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user expl…

langflow | Authentication
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
7.5 HIGH
CVE-2026-55446 — Langflow: Unauthenticated DoS through multipart form boundary file upload

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse…

langflow | Remote | Denial of Service
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
9.6 CRITICAL
CVE-2026-48519 — Langflow: Unauthenticated RCE in Shareable Playgrounds

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Shareable …

langflow | Remote | Injection
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Showing 20 of 7731 Results